- The National Initiative for Cybersecurity Education (NICE) released a Cybersecurity Workforce Framework to help organizations in various sectors educate and train staff members in needed cybersecurity measures. Entities will also have guidance on workforce development and planning that can be catered to their individual operations.
Coordinated by NIST, NICE is “is a partnership between government, academia, and the private sector working to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development.”
The Workforce Framework breaks down cybersecurity workforce areas by Category, Specialty Area, and Work Role. It also provides a superset of cybersecurity Knowledge, Skills, and Abilities (KSAs), along with tasks for each role.
“A user of the NICE Framework will reference it for different aspects of workforce development, education, and/or training purposes, and when that material is used at organizational levels, the user should customize what is pulled from the NICE Framework to standards, regulations, needs, and mission of the user’s organization,” stated the Framework executive summary. “The NICE Framework is a reference starting point for the content of guidance and guidelines on career paths, education, training, and credentialing programs.”
Cybersecurity is ever-evolving, which is why organizations must ensure they have the right individuals in the right positions to perform the necessary functions.
Entities need to first identify their specific cybersecurity workforce needs, according to report authors. This way, organizations can determine several aspects, including but not limited to the training requirements and standards, qualification requirements, how the position would progress, and the standardized development of position descriptions. From there, a capable and ready workforce can be found.
“Collaboration among public and private entities, such as through the NICE program, enables such institutions to determine common knowledge and abilities that are needed,” report authors explained. “In turn, developing and delivering curricula that are harmonized with the NICE Framework lexicon allows institutions to prepare students with the skills needed by employers.”
Retaining skilled cybersecurity talent is also crucial, NICE stressed. Hiring costs, expenses for training, diminished productivity, and reduced morale could all be the effects of having to refill a position.
The NICE Framework can help organizations retain and develop cybersecurity talent in several ways, including some of the following:
- Organizations can develop career pathways that describe the qualifications necessary for progressively challenging and evolving sets of work roles, such as those enumerated by the NICE Framework
- An organization might offer staff rotations to provide opportunities to develop and use new skills
- Group training opportunities can be identified to prepare staff members to enhance common knowledge, skills, and abilities in the work roles of an organization
- Organizations can use training and examinations that are based for specific cybersecurity skills and abilities to assess proficiency in a realistic environment
Employers, current and future cybersecurity workers, educators or trainers, and technology providers are all part of the targeted Framework audience, the report stated.
NICE first published a Cybersecurity Workforce Framework in 2013, which defined 31 cybersecurity-related specialty areas that were organized into seven categories. The Government Accountability Office (GAO) highlighted in an April 2017 report as a key tool to help organizations overcome the cybersecurity workforce challenges.
Those initiatives and other activities designed to improve the cybersecurity workforce are critical to overcome the current challenges in hiring skilled cybersecurity workers, GAO said.
“If effectively implemented, these initiatives, laws, and activities could help establish the cybersecurity workforce needed to secure and protect federal IT systems,” GAO report authors explained.
That GAO report also underlined the importance of creating a strong education foundation, specifically promoting a cyber and science, technology, engineering and mathematics (STEM) education. Cybersecurity skills gaps, being able to recruit and retain qualified staff, and the federal hiring process itself are top challenges for agencies trying to build up their cybersecurity workforce, researchers stated.
“Cybersecurity professionals can help to prevent or mitigate the vulnerabilities that could allow malicious individuals and groups access to federal IT systems,” the authors wrote. “The ability to secure federal systems depends on the knowledge, skills, and abilities of the federal and contractor workforce that uses, implements, secures, and maintains these systems.”